Microsoft has released patches for its Windows operating system that restrict AutoRun entries in the AutoPlay dialog to CD and DVD drives only. Windows includes a feature known as “AutoRun”, which allows automatic execution of arbitrary code when removable devices are connected to the computer. Inserting a CD, DVD, USB or FireWire device, or even mapping a network device, may trigger AutoRun.
Malware authors use this feature to develop a class of malware known as “autorun malware”. The Conficker worm is one well-known example of this type of malware. Trend Micro researchers recently found that in the first two quarters of 2009, autorun malware was the top infector in most Asian countries.
The patches released by Microsoft lower the risk and reduce the attack surface. Note, however, that a USB drive can be configured to masquerade as a CD, so the patches do not eliminate the risk.
Head over to Microsoft and install the patches.